From 017d136edc9e12f31f6ea224303ba78e292d4e21 Mon Sep 17 00:00:00 2001 From: Marco Ebert Date: Thu, 10 Nov 2022 17:36:14 +0100 Subject: [PATCH] RBAC: Move `ClusterRole` to separate file. --- CHANGELOG.md | 1 + .../templates/clusterrole.yaml | 77 ++++++++++++++++++ .../templates/rbac.yaml | 78 ------------------- 3 files changed, 78 insertions(+), 78 deletions(-) create mode 100644 helm/nginx-ingress-controller-app/templates/clusterrole.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index 8187f01c4..aa933520d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -41,6 +41,7 @@ and this project's packages adheres to [Semantic Versioning](http://semver.org/s - RBAC: Align to upstream. ([#378](https://github.com/giantswarm/nginx-ingress-controller-app/pull/378)) - RBAC: Move `ClusterRoleBinding` to separate file. - RBAC: Move `RoleBinding` to separate file. + - RBAC: Move `ClusterRole` to separate file. ## [2.20.0] - 2022-11-02 diff --git a/helm/nginx-ingress-controller-app/templates/clusterrole.yaml b/helm/nginx-ingress-controller-app/templates/clusterrole.yaml new file mode 100644 index 000000000..c6acb4d48 --- /dev/null +++ b/helm/nginx-ingress-controller-app/templates/clusterrole.yaml @@ -0,0 +1,77 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "ingress-nginx.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "ingress-nginx.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get diff --git a/helm/nginx-ingress-controller-app/templates/rbac.yaml b/helm/nginx-ingress-controller-app/templates/rbac.yaml index 0bdbfc12e..3a994f879 100644 --- a/helm/nginx-ingress-controller-app/templates/rbac.yaml +++ b/helm/nginx-ingress-controller-app/templates/rbac.yaml @@ -1,82 +1,4 @@ apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "ingress-nginx.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "ingress-nginx.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "ingress-nginx.fullname" . }}